block connection/friend request spam

diff --git a/boot.php b/boot.php
index 329165ef8fb382b8a42d5487d9d3d57932eb820a..9f6f88d68903cf7643670f33d6bb407f9099dd7a 100644 (file)
--- a/boot.php
+++ b/boot.php
@@ -2,7 +2,7 @@
 
 set_time_limit(0);
 
-define ( 'BUILD_ID',               1025   );
+define ( 'BUILD_ID',               1026   );
 define ( 'DFRN_PROTOCOL_VERSION',  '2.0'  );
 
 define ( 'EOL',                    "<br />\r\n"     );

diff --git a/database.sql b/database.sql
index 30edf4189b4f81357aee819fdd1ab84fea6f58ad..10bb417acaa0b4ebabc5a760bf09aed0c37fe4c8 100644 (file)
--- a/database.sql
+++ b/database.sql
@@ -372,6 +372,7 @@ CREATE TABLE IF NOT EXISTS `user` (
   `notify-flags` int(11) unsigned NOT NULL DEFAULT '65535', 
   `page-flags` int(11) unsigned NOT NULL DEFAULT '0',
   `pwdreset` char(255) NOT NULL,
+  `maxreq` int(11) NOT NULL DEFAULT '10',
   `allow_cid` mediumtext NOT NULL, 
   `allow_gid` mediumtext NOT NULL,
   `deny_cid` mediumtext NOT NULL, 

diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php
index 9c8064db5224dda5d9ac586ee8b5a12b5b62b36f..6cefdd28e60c3e844a47f2c3631b01fee3338a7c 100644 (file)
--- a/mod/dfrn_request.php
+++ b/mod/dfrn_request.php
@@ -217,17 +217,34 @@ function dfrn_request_post(&$a) {
                return;
        }
 
-       $nickname = $a->profile['nickname'];
-       $notify_flags = $a->profile['notify-flags'];
-       $uid = $a->profile['uid'];
-
+       $nickname       = $a->profile['nickname'];
+       $notify_flags   = $a->profile['notify-flags'];
+       $uid            = $a->profile['uid'];
+       $maxreq         = intval($a->profile['maxreq']);
        $contact_record = null;
-       $failed = false;
-       $parms = null;
+       $failed         = false;
+       $parms          = null;
 
 
        if( x($_POST,'dfrn_url')) {
 
+               /**
+                * Block friend request spam
+                */
+
+               if($maxreq) {
+                       $r = q("SELECT * FROM `intro` WHERE `datetime` > '%s' AND `uid` = %d",
+                               dbesc(datetime_convert('UTC','UTC','now - 24 hours')),
+                               intval($uid)
+                       );
+                       if(count($r) > $maxreq) {
+                               notice( $a->profile['name'] . t(' has received too many connection requests today.') . EOL);
+                               notice( t('Spam protection measures have been invoked.') . EOL);
+                               notice( t('Friends are advised to please try again in 24 hours.') . EOL);
+                               return;
+                       } 
+               }
+
                $url = trim($_POST['dfrn_url']);
                if(! strlen($url)) {
                        notice( t("Invalid locator") . EOL );

diff --git a/mod/settings.php b/mod/settings.php
index a8e02ea4001815b2fb573c5a4e0d6152a2c84f5f..b86ff4c1c858a0409a90535cf628221d967a9740 100644 (file)
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -53,6 +53,7 @@ function settings_post(&$a) {
        $timezone         = ((x($_POST,'timezone'))   ? notags(trim($_POST['timezone']))     : '');
        $defloc           = ((x($_POST,'defloc'))     ? notags(trim($_POST['defloc']))       : '');
        $openid           = ((x($_POST,'openid_url')) ? notags(trim($_POST['openid_url']))   : '');
+       $maxreq           = ((x($_POST,'maxreq'))     ? intval($_POST['maxreq'])             : 0);
 
        $allow_location   = (((x($_POST,'allow_location')) && (intval($_POST['allow_location']) == 1)) ? 1: 0);
        $publish          = (((x($_POST,'profile_in_directory')) && (intval($_POST['profile_in_directory']) == 1)) ? 1: 0);
@@ -105,7 +106,7 @@ function settings_post(&$a) {
        $str_group_deny    = perms2str($_POST['group_deny']);
        $str_contact_deny  = perms2str($_POST['contact_deny']);
 
-       $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s',  `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `theme` = '%s'  WHERE `uid` = %d LIMIT 1",
+       $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s',  `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `theme` = '%s', `maxreq` = %d  WHERE `uid` = %d LIMIT 1",
                        dbesc($username),
                        dbesc($email),
                        dbesc($openid),
@@ -119,6 +120,7 @@ function settings_post(&$a) {
                        dbesc($defloc),
                        intval($allow_location),
                        dbesc($theme),
+                       intval($maxreq),
                        intval(local_user())
        );
        if($r)
@@ -179,6 +181,7 @@ function settings_content(&$a) {
        $notify   = $a->user['notify-flags'];
        $defloc   = $a->user['default-location'];
        $openid   = $a->user['openid'];
+       $maxreq   = $a->user['maxreq'];
 
        if(! strlen($a->user['timezone']))
                $timezone = date_default_timezone_get();
@@ -290,6 +293,7 @@ function settings_content(&$a) {
                '$sel_notify3' => (($notify & NOTIFY_WALL)    ? ' checked="checked" ' : ''),
                '$sel_notify4' => (($notify & NOTIFY_COMMENT) ? ' checked="checked" ' : ''),
                '$sel_notify5' => (($notify & NOTIFY_MAIL)    ? ' checked="checked" ' : ''),
+               '$maxreq' => $maxreq,
                '$theme' => $theme_selector,
                '$pagetype' => $pagetype
        ));

diff --git a/update.php b/update.php
index 382c83e5a0ad8fc1598d02a35142279321304e0b..5b4d99603cff24b6d8ce02beb9ef47a7f887cea4 100644 (file)
--- a/update.php
+++ b/update.php
@@ -247,3 +247,7 @@ function update_1024() {
        q("ALTER TABLE `profile` ADD `keywords` TEXT NOT NULL AFTER `religion` ");
 }
 
+function update_1025() {
+       q("ALTER TABLE `user` ADD `maxreq` int(11) NOT NULL DEFAULT '10' AFTER `pwdreset` ");
+}
+

diff --git a/view/en/settings.tpl b/view/en/settings.tpl
index 095dd70a4a098c3a702630b22929b520f8b60fd6..a02e8ec080c2a444fa33937b4bd1e241e0e7a0d8 100644 (file)
--- a/view/en/settings.tpl
+++ b/view/en/settings.tpl
@@ -59,10 +59,22 @@ $theme
 
 <input type="hidden" name="visibility" value="$visibility" />
 
+<div id="settings-maxreq-wrapper">
+<label id="settings-maxreq-label" for="settings-maxreq" >Maximum Friend Requests/Day</label>
+<input id="settings-maxreq" name="maxreq" value="$maxreq" />
+<div id="settings-maxreq-desc">(to prevent spam abuse)</div>
+</div>
+<div id="settings-maxreq-end"></div>
+
+
+
+
 $profile_in_dir
 
 $profile_in_net_dir
 
+
+
 <div id="settings-default-perms" class="settings-default-perms" >
        <div id="settings-default-perms-menu" class="fakelink" onClick="openClose('settings-default-perms-select');" >$permissions</div>
        <div id="settings-default-perms-menu-end"></div>

diff --git a/view/theme/default/style.css b/view/theme/default/style.css
index 627915e643bab330ee669946c4eaeed5c3f1b80b..8ad6ee5936324f8c171cea6835492d6ca5ff88a6 100644 (file)
--- a/view/theme/default/style.css
+++ b/view/theme/default/style.css
@@ -496,6 +496,7 @@ input#dfrn-url {
 #settings-password-end,
 #settings-confirm-end,
 #settings-openid-end,
+#settings-maxreq-end,
 #notify1-end,
 #notify2-end,
 #notify3-end,
@@ -515,6 +516,7 @@ input#dfrn-url {
 #settings-password-label,
 #settings-confirm-label,
 #settings-openid-label,
+#settings-maxreq-label,
 #settings-label-notify1,
 #settings-label-notify2,
 #settings-label-notify3,
@@ -533,6 +535,7 @@ input#dfrn-url {
 #theme-select,
 #settings-password,
 #settings-confirm,
+#settings-maxreq,
 #notify1,
 #notify2,
 #notify3,
@@ -548,7 +551,10 @@ input#dfrn-url {
        width: 127px;
 }
        
-
+#settings-maxreq-desc {
+       float: left;
+       margin-left: 20px;
+}
 
 #settings-theme-label,
 #settings-defloc-label {